Security Policies

A Security Policy is a plan of action for tackling security issues, or a set of regulations for maintaining a certain level of security. It can span anything from the practices for securing a single computer, to building/premises security, to securing the existence of an entire nation-state.

External collaboration is a major source of information risk. New tools make document collaboration much easier, but may have serious security issues.
Learn more about industry trends and demands for security and compliance in online collaboration.

Countless studies and analyst recommendations suggest the value of improving security during the software development life cycle rather than trying to address vulnerabilities in software discovered after widespread adoption and deployment. The justification is clear. For software vendors, costs are incurred both directly and indirectly from security flaws found in their products. Reassigning development resources to create and distribute patches can often cost software vendors millions of dollars, while successful exploits of a single vulnerability have in some cases caused billions of dollars in losses to businesses worldwide. Vendors blamed for vulnerabilities in their product's source code face losses in credibility, brand image, and competitive advantage.

Today, when you make decisions about information technology (IT) security priorities, you must often strike a careful balance between business risk, impact, and likelihood of incidents, and the costs of prevention or cleanup. Historically, the most well-understood variable in this equation was the methods that hackers used to disrupt or invade the system.

The Business Case for Data Protection, conducted by Ponemon Institute and sponsored by Ounce Labs, is the first study to determine what senior executives think about the value proposition of corporate data protection efforts within their organizations. In times of shrinking budgets, it is important for those individuals charged with managing a data protection program to understand how key decision makers in organizations perceive the importance of safeguarding sensitive and confidential information.

The response to possible bank card fraud is one of the most important factors affecting the relationship that customers have with their bank. For customer-centric financial institutions who issue millions of bank cards, any instance of possible fraud is both a business risk to be managed and an opportunity to strengthen customer relationships.

Securing your email is a complex process that takes time and uses resources that can be better deployed elsewhere in your business. Moving on-premise email security into the cloud not only saves time and money, but also reduces risk and takes advantage of economies of scale to deliver an effective, dedicated security platform that unshackles users and releases the potential of your mail.

The market for cloud-based IT infrastructure services delivered in a software-as-a-service model continues to grow. IDC research indicates this model of IT delivery is disrupting traditional licensed software markets and changing how archiving, backup, recovery, and security technologies are procured.

What the Internet of Things means for consumer privacy discusses the findings of an Economist Intelligence Unit (EIU) research programme, sponsored by ForgeRock, that explores the privacy concerns and priorities of global consumers stemming from the Internet of Things (IoT) and related technologies.

When the General Data Protection Regulation (GDPR) replaces the European Union's Data Protection Directive 95/46/ec on May 25, 2018, businesses across the globe will be subject to a wealth of potential fees and penalties for non-compliance.

The General Data Protection Regulation (GDPR) has been approved by the European Union and demands significant data protection safeguards to be implemented by organizations around the world. Learn how you can successfully prepare for GDPR with advice from Osterman Research.

2016: The year in crisis provides The Economist Intelligence Unit's assessment of sources of corporate risk in the year 2016, its evolution over the next three years, and a perspective on the role of the board of directors in managing crises.

Don't wait to implement your cyber protection program. An excellent place to begin developing your approach is with the newly published The U.S. Homeland Security Strategies for Defending Industrial Control Systems. See the 7 recommended strategies and learn how digital solutions can help fulfill steps toward a more secure operating environment.

Extended Validation (EV) certificates were launched in January 2007. EV certificates are an effort to define a standard for a high assurance SSL/TLS certificate and create a new trust foundation. The EV Guidelines are managed by the leading browsers and certification authorities (CAs) through the CA/Browser Forum, and have been since launch.

The cloud has been the hottest topic in information technology for the better part of the last decade. Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and now a new wave of Anything-as-a-Service (XaaS) continue to drive adoption of what we collectively call cloud services.

This guide describes the technical and business impact of SHA-1 migration as it pertains to SSL certificates only. It will outline a recommended migration path to minimise the cost and operational impact of replacing affected SSL certificates.